In Internet protocol networks, such as the Internet, denial of service attacks are common methods by which attackers render useless a resource that is connected to the network by flooding the resource with packets from the same source or from different sources. For example, a denial of service attack on a server may include repeatedly sending TCP connection requests to a server. If the volume of connection requests per unit time exceeds the capacity of the server, the server will become overloaded in processing the connection requests and will be unable to provide service to legitimate clients. Such attacks have resulted in the unavailability of known e-commerce websites.
In light of the denial of service attacks that have been conducted over the Internet, firewall mechanisms have been created. In its simplest form, a firewall rule set that prevents a denial of service attack may include a rule that blocks all packets from the source of the denial of service attack, once the attack has been detected and the source has been identified. Distributed denial of service attacks are more difficult to detect or prevent because the packets used in the attack originate from multiple sources.
While DoS detection and firewall mechanisms have been implemented to protect e-commerce servers in the Internet, such mechanisms have typically not been implemented in telecommunications signaling networks because the networks have traditionally been closed. That is, because it has been difficult for outsiders to gain physical access to the telecommunications signaling network, such networks lack signaling message security mechanisms. However, with the advent of IP telephony and the opening of traditionally closed networks to signaling traffic from other carriers, physical security has become inadequate. As a result, attackers can gain access to signaling channels used to establish and tear down calls, making telecommunications signaling networks vulnerable to attacks, such as denial of service attacks.
Accordingly, there exists a long felt need for improved methods, systems, and computer program products for detecting and mitigating denial of service attacks in telecommunications signaling networks.